Weekly Cyber Threat Intelligence Summary

Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition covers zero-day exploits advertised on a cybercriminal forum, a new AI threat taxonomy from Google DeepMind, and a newly identified side-channel attack method called SnailLoad. 

1. Zero-day exploits advertised

Full report available for CYMON users here.

Key Takeaways:

  • User Cas has uploaded several threads about zero-day vulnerabilities on a cybercriminal forum.
  • The first, “0Day UAF in Linux Kernel,” allegedly allows an attacker to perform privileged code execution, enabling data exfiltration. It reportedly affects Linux Kernel version 6.6.15-amd64 for 64-bit systems. The exploit is advertised for $150,000, payable in XMR or BTC. Cas also offers the binary for $130,000 and the source code for $150,000.
  • The second, titled “0Day Linux LPE via GRUB BootLoader,” supposedly allows an attacker to modify initialisation parameters to spawn a root shell. This exploit targets the latest version of the GRUB boot loader and is priced at $90,000, with payment exclusively in BTC.

Analyst comment:

  • Cas joined the English-language cybercriminal forum on 19 June 2024 and has a high reputation score of +181 from six positive reviews, including from reputable users like moderators Aegis and IntelBroker. IntelBroker, who acted as a middleman for one payment, verified the vulnerabilities and endorsed Cas. The only visible threads posted by Cas are the vulnerability threads and an introduction thread. There is no clear evidence that either vulnerability has been sold.
  • While the claims cannot be verified at this time, Cas’ quick reputation growth and endorsements from forum moderators, along with the offer to use escrow, add credibility to the claims.

2. Google DeepMind outlines AI threat taxonomy

Full report available for CYMON users here.

Key Takeaways:

  • Researchers at Google’s DeepMind have created a new taxonomy for AI threats, combining existing research with over 200 reports from 2023 and early 2024.
  • The attacks are divided into two categories: those exploiting generative AI capabilities and those compromising generative AI. These are linked to goals such as opinion manipulation, harassment, profit, and terrorism.
  • The report concludes that the easy accessibility and low-tech nature of these threats necessitate new, multifaceted mitigation approaches.

Analyst comment:

  • As generative AI has expanded in recent years, so have its uses in cyberattacks. This taxonomy and breakdown of AI-related threats enable easy classification of cyber threats.

3. New side-channel attack SnailLoad identified

Full report available for CYMON users here.

Key Takeaways:

  • Researchers disclosed an attack method named SnailLoad that allows remote attackers to infer websites and content viewed by users without accessing their network traffic.
  • A paper titled “SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript” describes this side-channel attack, using examples like inferring a watched YouTube video.
  • When a victim downloads data from an attacker’s server while watching a YouTube video, the attacker can measure the round-trip time of the download’s packets, which varies as the video traffic passes through the same network bottlenecks. These latency traces are unique to each video and can be used to classify the video watched.
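
To make the mechanism in that last bullet concrete, the following is an added toy simulation (not code from the report or the SnailLoad paper): constructed per-second chunk-fetch profiles for two hypothetical videos modulate the queueing delay seen by an unrelated slow download, a correlation matcher recovers which profile produced a latency trace, and a constant-rate padding sketch shows why the leak depends on the victim’s bursty traffic. All profile names, delay constants and the padding function are assumptions for illustration.

```python
import random

# Constructed chunk-fetch profiles (relative load per second) for two hypothetical
# videos. Video players fetch segments in bursts; the burst rhythm differs per video.
PROFILES = {
    "video_a": [1.0 if t % 6 == 0 else 0.0 for t in range(60)],
    "video_b": [1.0 if t % 4 == 0 else 0.0 for t in range(60)],
}


def simulate_rtt(load, base_ms=20.0, queue_ms=40.0, jitter_ms=2.0, seed=0):
    """RTT (ms) an observer sees on its own slow download, one sample per second.
    A packet that arrives while a burst of the victim's video traffic occupies the
    bottleneck queue is delayed by roughly queue_ms; constants are assumed."""
    rng = random.Random(seed)
    return [base_ms + queue_ms * x + rng.gauss(0.0, jitter_ms) for x in load]


def _pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sum((x - mx) ** 2 for x in xs) ** 0.5
    sy = sum((y - my) ** 2 for y in ys) ** 0.5
    return 0.0 if sx == 0 or sy == 0 else cov / (sx * sy)


def classify(rtt_trace, profiles=PROFILES):
    """Match a latency trace against known profiles; returns (label, score)."""
    scores = {name: _pearson(rtt_trace, prof) for name, prof in profiles.items()}
    best = max(scores, key=scores.get)
    return best, scores[best]


def shape_constant_rate(load):
    """Mitigation sketch (assumed, not from the report): pad the victim's traffic to a
    constant rate so bursts no longer modulate queueing delay. The cost is the
    wasted bandwidth, which is one reason such side channels are hard to mitigate."""
    peak = max(load)
    return [peak for _ in load]
```

With the constructed profiles, the unshaped trace for video_a scores near 0.99 against its own profile and about 0.26 against video_b; the shaped trace carries only jitter and scores well below 0.5 against either.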

Analyst comment:

  • As with many side-channel attacks, SnailLoad is difficult to mitigate, but also difficult to successfully execute.

Discover the strategic and tactical insights, plus expert analyst comments

Stay ahead of cyber threats with our comprehensive threat intelligence reports. Request a demo today to access these invaluable insights and enhance your cybersecurity posture.
